Fortigate SSL inspection



In this blog we will understand the requirement for SSL inspection and how it affects our networks.

Before we go into the practical configuration of SSL inspection, we should understand why we need SSL inspection in the network at all.

Today roughly 90% of network traffic is encrypted with SSL/TLS (you see it as HTTPS in the browser). During the TLS handshake the client and the server negotiate a session key, using the server's certificate to authenticate the server, so only those two endpoints can decrypt the traffic; any device in the path, including our firewall, sees only ciphertext.

In this scenario we as network/security engineers cannot control or restrict what traffic is permitted to leave our network, and we cannot protect the network against malware carried inside TLS traffic, because the firewall cannot see the payload.

Sometimes the business also asks us to block certain file types from being uploaded or downloaded on the office premises. Because these uploads and downloads happen over TLS, a firewall that cannot decrypt the traffic cannot even identify the file type, let alone block it.

SSL inspection was designed to overcome this: the firewall acts as a man in the middle, decrypting and re-encrypting all traffic that passes from our clients to the Internet (outbound inspection) and, if we have public-facing servers, from Internet clients to our web servers (inbound inspection). For outbound inspection the firewall needs a CA certificate that the clients trust, so it can re-sign server certificates on the fly; for inbound inspection of our own servers it needs the server's real certificate and private key instead.

A simple architecture of how the firewall performs SSL inspection:


This diagram is officially taken from the Fortinet website. It shows the traffic being decrypted at the firewall, passed through content scanning, and re-encrypted before being sent on to the web server.


SSL inspection Configuration.

Requirement = To perform SSL inspection we need a CA certificate, with its private key, installed on the FortiGate. FortiGate ships with a default Fortinet_CA_SSL certificate that is fine for a lab; for production, use a subordinate CA certificate issued by the Enterprise Root CA. Public third-party CAs do not issue subordinate CA certificates for interception, so a third-party certificate only comes into play for inbound inspection of our own web servers, where the firewall needs the server certificate and private key rather than a CA. Whichever CA is used, its certificate must be pushed into the trust store of every client (for example via Group Policy); otherwise users get a certificate warning on every HTTPS site.
  • Certificate Inspection.
  • Full SSL inspection.
  1. Certificate Inspection - Only the unencrypted part of the TLS handshake is examined: the Server Name Indication (SNI) sent by the client and the certificate presented by the server (subject, SAN, issuer, validity). The payload is never decrypted. This is enough to enforce web filtering by hostname or FortiGuard category and to block untrusted or expired certificates, and it avoids the privacy impact of decryption, but it cannot find malware or file types inside the session.
  2. Full SSL inspection - Also called deep inspection. The firewall terminates the client's TLS session, opens its own session to the server, decrypts the traffic, runs it through the security profiles (antivirus, web filter, IPS, application control, DLP/file filter), and re-encrypts it towards the client with a certificate generated on the fly and signed by the inspection CA. This is the mode needed for the file-blocking requirement above. Applications that pin their certificates (many mobile apps, some update services) break under full inspection and must be exempted in the profile.

Important Note - SSL inspection on its own only makes the traffic visible. To actually control web traffic you must apply security profiles (web filter, antivirus, application control, file filter) in the same firewall policy as the SSL/SSH inspection profile.
Please go through the video below for the configuration steps.
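As an added example (this is not configuration from the original post or from Fortinet's documentation), the FortiOS CLI below builds both inspection modes described above and applies the full-inspection profile together with security profiles in a firewall policy. The interface names lan/wan1, the profile names, the address object pinned-update-hosts and its FQDN are assumptions for illustration; the default CA Fortinet_CA_SSL and the built-in "default" antivirus and web filter profiles ship with FortiOS. Option names follow FortiOS 6.4/7.x and should be verified against the version in use.

```fortios
# Added example, not from the original post or Fortinet docs.
# Interface names, profile names and the exempt host are assumptions.

# 1. Certificate inspection: only the handshake (SNI + server cert) is
#    examined, nothing is decrypted. Only HTTPS supports this mode, so the
#    other protocols are left disabled.
config firewall ssl-ssh-profile
    edit "cert-inspection-only"
        set comment "No decryption; hostname/category control only"
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set status disable
        end
        config ssh
            set status disable
        end
    next
end

# Address object for a host that pins its certificate and must be exempted
# from decryption (assumed name and FQDN).
config firewall address
    edit "pinned-update-hosts"
        set type fqdn
        set fqdn "update.example.com"
    next
end

# 2. Full (deep) inspection: decrypt, scan, re-sign with the inspection CA.
#    Clients must trust Fortinet_CA_SSL (or your enterprise sub-CA) or
#    every HTTPS site will show a certificate warning.
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set comment "Decrypt and scan; re-sign with Fortinet_CA_SSL"
        set server-cert-mode re-sign
        set caname "Fortinet_CA_SSL"
        set untrusted-caname "Fortinet_CA_Untrusted"
        config https
            set ports 443
            set status deep-inspection
            set untrusted-server-cert block
            set expired-server-cert block
        end
        config ftps
            set ports 990
            set status deep-inspection
        end
        config ssh
            set status disable
        end
        # Exemptions: FortiGuard category 31 (Finance and Banking) for
        # privacy, plus the pinned host defined above.
        config ssl-exempt
            edit 1
                set type fortiguard-category
                set fortiguard-category 31
            next
            edit 2
                set type address
                set address "pinned-update-hosts"
            next
        end
        set ssl-exemption-log enable
    next
end

# 3. The policy: inspection alone only makes traffic visible; the AV and
#    web filter profiles are what actually block content. utm-status must
#    be enabled before any profile can be attached.
config firewall policy
    edit 0
        set name "LAN-to-Internet-inspected"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set nat enable
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "custom-deep-inspection"
        set av-profile "default"
        set webfilter-profile "default"
        set logtraffic all
    next
end
```

To switch a policy to the privacy-preserving mode, set its ssl-ssh-profile to "cert-inspection-only" instead. A quick check from a client: open any HTTPS site and look at the certificate issuer in the browser. Under full inspection it is Fortinet_CA_SSL (or the enterprise sub-CA); under certificate inspection, or for an exempted host such as a banking site, it is the site's real CA.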





